ColdFusion Datasource Connection Errors as Usual

Question

Hi All,

Running ColdFusion 2023 on Windows Pro 11.

MSSQL 2022 server installed.

Does CF "REQUIRE" jdbc driver to connect to SQL server or is it only an option? If it's required CF should clearly state that.

I know I've dealt with this before, but can't remember how I fixed it.

I downloaded the jar file for it ( mssql-jdbc-12.4.1.jre8.jar ) and put it in the lib folder in coldfusion. Still no go.

I don't see it listed as a driver when creating the datasource.

I did restart CF and SQL server afterwards.

I'm logging into SQL server using Windows authentication. I don't recall seeing a choice during installation to do it any other way.

Web searches suggesting:

1. make sure TCP/IP is enabled: Yes, did that.

2. Get jdbc driver: Yes, did that. Put in CF lib folder.

3. Add "AuthenticationMethod=ntlm" in the advanced settings Connection String CF settings: Did that.

4. Tried putting servername/username in that didn't help.

Still not working. Head is spinning at this point.

Most recent error:

"Connection verification failed for data source: Test
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver][SQLServer]Cannot open database "Locations" requested by the login. The login failed."

If I select the MSSQL driver I get:

"Connection verification failed for data source: Test
java.sql.SQLException: [Macromedia][SQLServer JDBC Driver]Kerberos Authentication is not supported by this SQLServer. The driver attempted Kerberos authentication because the AuthenticationMethod connect option was "auto" and no username/password was specified."

Can anyone please point me to good documentation or offer suggestions on how to fix this?

Thanks!

Laura

Charlie Arehart · Answer

Laura, you're mixing many things together. 🙂 Let's try to untangle your knots.

1: There are indeed 2 ways to connect to sql server (and other db's) in cf: one is the driver provided by Adobe, the other is literally to use an "other" driver (a jar, like you attempted).

So no, you don't NEED to obtain a driver. It's an option.

2: As for your using Windows auth for the sql server datasource, that's also known as "trusted authentication", as no username or password is entered in the cf dsn. Instead, the user running cf is what will be used to access the db. This is supported by both sql server drivers, and yes, you'd add AuthenticationMethod=ntlm to the connection string box.

Did you do that for the Adobe-provided sql server driver? Your second error suggests you did not. That might be all you needed there.

For the ms driver, you'd also need the additional connection string, integratedSecurity=true

3: As for your first error, if you get that with this setup, my guess is that's indicating that the user running the cf service has NOT yet been identified in sql server as a permitted user for that database. That's something done in sql server.

When using/setting up such Windows auth for a db, it's indeed critical to know what is the user running the cf service (assuming cf is running as a service, as it would for production, at least). If you leave the cf service running as what's implemented by default, that's "local system". In that case, the username to grant access to in sql server would be not "local system". When the dsn uses localhost or 127.0.01 as the server name, the formal Windows account name used for the sql operations would be "NT AUTHORITY\System". (If some other server name is used, it may be "nt authority\anonymous login".)

It may well be that in your old cf instance, someone could have changed cf there to run as another user (per instructions in the cf lockdown guide, for example). In that case, that user would be used to connect to sql server.

Either way, the first error seems to be indicating that the user running your current CF has not yet been granted permissions to the db (in sql server). As for how to grant permissions in sql server/ssms, I will leave that as something you can find readily online

Yet another option (in that second case) might seem to be that you could change the cf service to run as whatever user ran your old cf server. Just beware that beyond ensuring sql server is configured for that user, in changing the user running cf you also need to make sure to give THAT user permission to read /write the cf folders themselves, and ensure it has read access to your code, and write access to any other folders it may need to write to in your app. Again the cf lockdown guide discusses that.

4: (As an update, to my original comment, I'll add now that yet another option is to skip all the above and change to allow sql server login authentication rather than Windows auth, as discussed further in another comment here, and then just put a username password into the dsn--ensuring that user has permissions in sql server for your database.)

As for the rest of what I've shared above, I'm not aware of any one resource that elaborates on all the points. This forum thread may serve future folks that way. 🙂

Feel free to ask follow-up questions, and let us know how it goes.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded